6ebf3c4ffbf242dd8b5af1456ea35e467840180d74e742b87d54a8553444e083

General

Target

6ebf3c4ffbf242dd8b5af1456ea35e467840180d74e742b87d54a8553444e083
Size

24KB
MD5

559bb16ced61f02c1361f880ded5b980
SHA1

5fb2688e9d1eb953482d89e27d839ddb7f52ca50
SHA256

6ebf3c4ffbf242dd8b5af1456ea35e467840180d74e742b87d54a8553444e083
SHA512

0109dcc0650240d69c5d11425e780492a8282a739a1e60cda33efc640f2f812f96020937e6223ba18d6ed3c38095ecc4d29ee163d45e4a58002ea61170542aeb
SSDEEP

384:ssL5EXWYZwUeb3jX+vzhTSl6pP0HMOqdhWdAAZS8Tot0TQlrjslx4d1srr3:skEXWYte3Gz0eCMfd0igS8Tot0EAewr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ebf3c4ffbf242dd8b5af1456ea35e467840180d74e742b87d54a8553444e083

Files

6ebf3c4ffbf242dd8b5af1456ea35e467840180d74e742b87d54a8553444e083
.sys windows:6 windows x64

e6f35cf04edd31838bbaece2093c4aaf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IofCompleteRequest
ObfDereferenceObject
ExAllocatePoolWithTag
IoDeleteSymbolicLink
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
RtlInitUnicodeString
IoDeleteDevice
swprintf
KeInitializeEvent
KeInitializeDpc
KeReleaseSpinLock
IoDetachDevice
MmUnmapIoSpace
RtlFreeUnicodeString
ExFreePool
MmMapIoSpace
IoConnectInterrupt
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
IoDisconnectInterrupt
IoGetDeviceProperty
KeSynchronizeExecution
IofCallDriver
KeAcquireSpinLockRaiseToDpc
KeClearEvent
KeSetEvent
IoStartNextPacket
KeInsertQueueDpc
ExEventObjectType
ObReferenceObjectByHandle
KeBugCheckEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6f35cf04edd31838bbaece2093c4aaf

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 804B

.data Size: 512B - Virtual size: 276B

.pdata Size: 512B - Virtual size: 504B

PAGE Size: 5KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 848B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 804B

.data
Size: 512B - Virtual size: 276B

.pdata
Size: 512B - Virtual size: 504B

PAGE
Size: 5KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 848B